Paper 2016/230

ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels

Daniel Genkin, Lev Pachmanov, Itamar Pipman, Eran Tromer, and Yuval Yarom

Abstract

We show that elliptic-curve cryptography implementations on mobile devices are vulnerable to electromagnetic and power side-channel attacks. We demonstrate full extraction of ECDSA secret signing keys from OpenSSL and CoreBitcoin running on iOS devices, and partial key leakage from OpenSSL running on Android and from iOS's CommonCrypto. These non-intrusive attacks use a simple magnetic probe placed in proximity to the device, or a power probe on the phone's USB cable. They use a bandwidth of merely a few hundred kHz, and can be performed cheaply using an audio card and an improvised magnetic probe.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Minor revision. ACM Conference on Computer and Communications Security (CCS) 2016
DOI
http://dx.doi.org/10.1145/2976749.2978353
Keywords
side-channel attackelliptic curve cryptographyelectromagnetic analysispower analysis
Contact author(s)
tromer @ cs tau ac il
History
2016-08-19: revised
2016-03-02: received
See all versions
Short URL
https://ia.cr/2016/230
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/230,
      author = {Daniel Genkin and Lev Pachmanov and Itamar Pipman and Eran Tromer and Yuval Yarom},
      title = {ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels},
      howpublished = {Cryptology ePrint Archive, Paper 2016/230},
      year = {2016},
      doi = {http://dx.doi.org/10.1145/2976749.2978353},
      note = {\url{https://eprint.iacr.org/2016/230}},
      url = {https://eprint.iacr.org/2016/230}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.